Privacy Policy – Emerald Spa
1. General Information
This Privacy Policy explains how Emerald Spa (“we”, “our”, “us”) collects, processes, and protects your personal data when you visit or make a purchase through our website https://emeraldspa.pl.
We operate in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Polish data protection and consumer laws.
2. Data Controller
The controller of your personal data is:
Emerald Spa
ul. Chałubińskiego 64, 30-698 Kraków, Poland
NIP: 7342695546
Email: [email protected]
Phone: +48 515 548 755
3. Personal Data We Collect
When you interact with our store, we may collect the following information:
Name and surname
Billing and shipping address
Email address and phone number
Order details and payment confirmation data
Account login details (if you create an account)
IP address, browser information, and device type (for analytics and fraud prevention)
Communication records (when you contact us)
We do not store or process your full payment card details — payments are handled securely by certified third-party payment providers.
4. Purpose and Legal Basis for Processing
Your data is processed for the following purposes:
To process and fulfill your orders (Article 6(1)(b) GDPR – performance of a contract)
To provide customer service and respond to inquiries (Article 6(1)(f) GDPR – legitimate interest)
To comply with legal obligations such as accounting and taxation (Article 6(1)(c) GDPR)
To send marketing materials or newsletters when you have given consent (Article 6(1)(a) GDPR)
5. Data Retention and Security
We retain your personal data only as long as necessary to fulfill the purposes described above or as required by Polish law (e.g., 5 years for accounting records).
Your data is stored securely using SSL encryption and protected servers. We use trusted WooCommerce and WordPress systems that comply with EU data protection standards.
6. Data Sharing
We may share your personal data only with trusted partners necessary to operate our business, including:
Payment processors (e.g., Przelewy24, PayPal, Stripe)
Delivery companies (e.g., InPost, DPD, DHL)
IT and hosting providers (for technical support)
Accounting and legal services, where required by law
All third parties are GDPR-compliant and process your data only under our instruction.
7. Your Rights
Under GDPR and Polish law, you have the right to:
Access and obtain a copy of your data
Correct inaccurate or incomplete data
Request deletion (“right to be forgotten”)
Restrict or object to processing
Withdraw consent (for marketing communications)
Request data portability
Lodge a complaint with the President of the Personal Data Protection Office (UODO) in Warsaw
To exercise your rights, please contact us at [your email address].
8. Cookies and Analytics
Our website uses cookies to ensure proper functionality, enhance your shopping experience, and analyze traffic.
You can adjust cookie settings in your browser at any time.
By continuing to use our website without changing settings, you consent to our use of cookies in accordance with this Policy.
9. Marketing Communication
If you subscribe to our newsletter or agree to receive updates, we will use your contact details to send news, offers, or wellness tips related to Emerald Spa.
You can unsubscribe at any time via the link in our emails or by contacting us directly.
10. Policy Updates
We may update this Privacy Policy periodically to reflect changes in our practices or legal obligations.
The latest version will always be available on this page with a “Last Updated” date.
Last Updated: 11/10/25
Emerald Spa – Kraków, Poland
https://emeraldspa.pl
English (UK) 
Polski
Українська
Español
Deutsch
